Allow keystone to use different configuration profiles

Joseph Hall 2013-09-16 10:49:55 -06:00
parent a6e98f17de
commit 41cc23ec01


@ -16,6 +16,30 @@ Module for handling openstack keystone calls.
keystone.token: 'ADMIN'
keystone.endpoint: 'http://127.0.0.1:35357/v2.0'
If configuration for multiple openstack accounts is required, they can be
set up as different configuration profiles:
For example::
openstack1:
keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.1:5000/v2.0/'
openstack2:
keystone.user: admin
keystone.password: verybadpass
keystone.tenant: admin
keystone.tenant_id: f80919baedab48ec8931f200c65a50df
keystone.auth_url: 'http://127.0.0.2:5000/v2.0/'
With this configuration in place, any of the nova functions can make use of
a configuration profile by declaring it explicitly.
For example::
salt '*' keystone.tenant_list profile=openstack1
'''
# Import third party libs
@ -40,22 +64,34 @@ def __virtual__():
__opts__ = {}
def auth():
def auth(profile=None):
'''
Set up keystone credentials
Only intended to be used within Keystone-enabled modules
'''
user = __salt__['config.option']('keystone.user', 'admin')
password = __salt__['config.option']('keystone.password', 'ADMIN')
tenant = __salt__['config.option']('keystone.tenant', 'admin')
tenant_id = __salt__['config.option']('keystone.tenant_id')
auth_url = __salt__['config.option']('keystone.auth_url',
'http://127.0.0.1:35357/v2.0/')
insecure = __salt__['config.option']('keystone.insecure', False)
token = __salt__['config.option']('keystone.token')
endpoint = __salt__['config.option']('keystone.endpoint',
'http://127.0.0.1:35357/v2.0')
if profile:
user = __salt__['config.get']('{0}:keystone.user'.format(profile), 'admin')
password = __salt__['config.get']('{0}:keystone.password'.format(profile), 'ADMIN')
tenant = __salt__['config.get']('{0}:keystone.tenant'.format(profile), 'admin')
tenant_id = __salt__['config.get']('{0}:keystone.tenant_id'.format(profile))
auth_url = __salt__['config.get']('{0}:keystone.auth_url'.format(profile),
'http://127.0.0.1:35357/v2.0/')
insecure = __salt__['config.get']('{0}:keystone.insecure'.format(profile), False)
token = __salt__['config.get']('{0}:keystone.token'.format(profile))
endpoint = __salt__['config.get']('{0}:keystone.endpoint'.format(profile),
'http://127.0.0.1:35357/v2.0')
else:
user = __salt__['config.get']('keystone.user', 'admin')
password = __salt__['config.get']('keystone.password', 'ADMIN')
tenant = __salt__['config.get']('keystone.tenant', 'admin')
tenant_id = __salt__['config.get']('keystone.tenant_id')
auth_url = __salt__['config.get']('keystone.auth_url',
'http://127.0.0.1:35357/v2.0/')
insecure = __salt__['config.get']('keystone.insecure', False)
token = __salt__['config.get']('keystone.token')
endpoint = __salt__['config.get']('keystone.endpoint',
'http://127.0.0.1:35357/v2.0')
kwargs = {}
if token:
@ -76,7 +112,8 @@ def auth():
def ec2_credentials_create(user_id=None, name=None,
tenant_id=None, tenant=None):
tenant_id=None, tenant=None,
profile=None):
'''
Create EC2-compatibile credentials for user per tenant
@ -89,7 +126,7 @@ def ec2_credentials_create(user_id=None, name=None,
user_id=c965f79c4f864eaaa9c3b41904e67082 \
tenant_id=722787eb540849158668370dc627ec5f
'''
kstone = auth()
kstone = auth(profile)
if name:
user_id = user_get(name=name)[name]['id']
@ -109,7 +146,7 @@ def ec2_credentials_create(user_id=None, name=None,
def ec2_credentials_delete(user_id=None, name=None,
access_key=None):
access_key=None, profile=None):
'''
Delete EC2-compatibile credentials
@ -123,7 +160,7 @@ def ec2_credentials_delete(user_id=None, name=None,
salt '*' keystone.ec2_credentials_delete name=admin \
access_key=5f66d2f24f604b8bb9cd28886106f442
'''
kstone = auth()
kstone = auth(profile)
if name:
user_id = user_get(name=name)[name]['id']
@ -136,7 +173,8 @@ def ec2_credentials_delete(user_id=None, name=None,
def ec2_credentials_get(user_id=None,
name=None,
access=None):
access=None,
profile=None):
'''
Return ec2_credentials for a user (keystone ec2-credentials-get)
@ -148,7 +186,7 @@ def ec2_credentials_get(user_id=None,
salt '*' keystone.ec2_credentials_get user_id=c965f79c4f864eaaa9c3b41904e67082 access=722787eb540849158668370dc627ec5f
salt '*' keystone.ec2_credentials_get name=nova access=722787eb540849158668370dc627ec5f
'''
kstone = auth()
kstone = auth(profile)
ret = {}
if name:
for user in kstone.users.list():
@ -167,7 +205,7 @@ def ec2_credentials_get(user_id=None,
return ret
def ec2_credentials_list(user_id=None, name=None):
def ec2_credentials_list(user_id=None, name=None, profile=None):
'''
Return a list of ec2_credentials for a specific user (keystone ec2-credentials-list)
@ -179,7 +217,7 @@ def ec2_credentials_list(user_id=None, name=None):
salt '*' keystone.ec2_credentials_list user_id=298ce377245c4ec9b70e1c639c89e654
salt '*' keystone.ec2_credentials_list name=jack
'''
kstone = auth()
kstone = auth(profile)
ret = {}
if name:
for user in kstone.users.list():
@ -196,7 +234,7 @@ def ec2_credentials_list(user_id=None, name=None):
return ret
def endpoint_get(service):
def endpoint_get(service, profile=None):
'''
Return a specific endpoint (keystone endpoint-get)
@ -206,11 +244,11 @@ def endpoint_get(service):
salt '*' keystone.endpoint_get ec2
'''
kstone = auth()
kstone = auth(profile)
return kstone.service_catalog.url_for(service_type=service)
def endpoint_list():
def endpoint_list(profile=None):
'''
Return a list of available endpoints (keystone endpoints-list)
@ -220,7 +258,7 @@ def endpoint_list():
salt '*' keystone.endpoint_list
'''
kstone = auth()
kstone = auth(profile)
ret = {}
for endpoint in kstone.endpoints.list():
ret[endpoint.id] = {'id': endpoint.id,
@ -232,7 +270,7 @@ def endpoint_list():
return ret
def role_create(name):
def role_create(name, profile=None):
'''
Create named role
@ -241,14 +279,14 @@ def role_create(name):
salt '*' keystone.role_create admin
'''
kstone = auth()
kstone = auth(profile)
if 'Error' not in role_get(name=name):
return {'Error': 'Role "{0}" already exists'.format(name)}
role = kstone.roles.create(name)
return role_get(name=name)
def role_delete(role_id=None, name=None):
def role_delete(role_id=None, name=None, profile=None):
'''
Delete a role (keystone role-delete)
@ -260,7 +298,7 @@ def role_delete(role_id=None, name=None):
salt '*' keystone.role_delete role_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_delete name=admin
'''
kstone = auth()
kstone = auth(profile)
if name:
for role in kstone.roles.list():
@ -277,7 +315,7 @@ def role_delete(role_id=None, name=None):
return ret
def role_get(role_id=None, name=None):
def role_get(role_id=None, name=None, profile=None):
'''
Return a specific roles (keystone role-get)
@ -289,7 +327,7 @@ def role_get(role_id=None, name=None):
salt '*' keystone.role_get role_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.role_get name=nova
'''
kstone = auth()
kstone = auth(profile)
ret = {}
if name:
for role in kstone.roles.list():
@ -304,7 +342,7 @@ def role_get(role_id=None, name=None):
return ret
def role_list():
def role_list(profile=None):
'''
Return a list of available roles (keystone role-list)
@ -314,7 +352,7 @@ def role_list():
salt '*' keystone.role_list
'''
kstone = auth()
kstone = auth(profile)
ret = {}
for role in kstone.roles.list():
ret[role.name] = {'id': role.id,
@ -322,7 +360,7 @@ def role_list():
return ret
def service_create(name, service_type, description=None):
def service_create(name, service_type, description=None, profile=None):
'''
Add service to Keystone service catalog
@ -333,12 +371,12 @@ def service_create(name, service_type, description=None):
salt '*' keystone.service_create nova compute \
'OpenStack Compute Service'
'''
kstone = auth()
kstone = auth(profile)
service = kstone.services.create(name, service_type, description)
return service_get(service.id)
def service_delete(service_id=None, name=None):
def service_delete(service_id=None, name=None, profile=None):
'''
Delete a service from Keystone service catalog
@ -349,14 +387,14 @@ def service_delete(service_id=None, name=None):
salt '*' keystone.service_delete c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_delete name=nova
'''
kstone = auth()
kstone = auth(profile)
if name:
service_id = service_get(name=name)[name]['id']
service = kstone.services.delete(service_id)
return 'Keystone service ID "{0}" deleted'.format(service_id)
def service_get(service_id=None, name=None):
def service_get(service_id=None, name=None, profile=None):
'''
Return a specific services (keystone service-get)
@ -368,7 +406,7 @@ def service_get(service_id=None, name=None):
salt '*' keystone.service_get service_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.service_get name=nova
'''
kstone = auth()
kstone = auth(profile)
ret = {}
if name:
for service in kstone.services.list():
@ -385,7 +423,7 @@ def service_get(service_id=None, name=None):
return ret
def service_list():
def service_list(profile=None):
'''
Return a list of available services (keystone services-list)
@ -395,7 +433,7 @@ def service_list():
salt '*' keystone.service_list
'''
kstone = auth()
kstone = auth(profile)
ret = {}
for service in kstone.services.list():
ret[service.name] = {'id': service.id,
@ -405,7 +443,7 @@ def service_list():
return ret
def tenant_create(name, description=None, enabled=True):
def tenant_create(name, description=None, enabled=True, profile=None):
'''
Create a keystone tenant
@ -416,12 +454,12 @@ def tenant_create(name, description=None, enabled=True):
salt '*' keystone.tenant_create nova description='nova tenant'
salt '*' keystone.tenant_create test enabled=False
'''
kstone = auth()
kstone = auth(profile)
new = kstone.tenants.create(name, description, enabled)
return tenant_get(new.id)
def tenant_delete(tenant_id=None, name=None):
def tenant_delete(tenant_id=None, name=None, profile=None):
'''
Delete a tenant (keystone tenant-delete)
@ -433,7 +471,7 @@ def tenant_delete(tenant_id=None, name=None):
salt '*' keystone.tenant_delete tenant_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_delete name=demo
'''
kstone = auth()
kstone = auth(profile)
if name:
for tenant in kstone.tenants.list():
if tenant.name == name:
@ -448,7 +486,7 @@ def tenant_delete(tenant_id=None, name=None):
return ret
def tenant_get(tenant_id=None, name=None):
def tenant_get(tenant_id=None, name=None, profile=None):
'''
Return a specific tenants (keystone tenant-get)
@ -460,7 +498,7 @@ def tenant_get(tenant_id=None, name=None):
salt '*' keystone.tenant_get tenant_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.tenant_get name=nova
'''
kstone = auth()
kstone = auth(profile)
ret = {}
if name:
for tenant in kstone.tenants.list():
@ -477,7 +515,7 @@ def tenant_get(tenant_id=None, name=None):
return ret
def tenant_list():
def tenant_list(profile=None):
'''
Return a list of available tenants (keystone tenants-list)
@ -487,7 +525,7 @@ def tenant_list():
salt '*' keystone.tenant_list
'''
kstone = auth()
kstone = auth(profile)
ret = {}
for tenant in kstone.tenants.list():
ret[tenant.name] = {'id': tenant.id,
@ -497,7 +535,8 @@ def tenant_list():
return ret
def tenant_update(tenant_id=None, name=None, email=None, enabled=None):
def tenant_update(tenant_id=None, name=None, email=None,
enabled=None, profile=None):
'''
Update a tenant's information (keystone tenant-update)
The following fields may be updated: name, email, enabled.
@ -510,7 +549,7 @@ def tenant_update(tenant_id=None, name=None, email=None, enabled=None):
salt '*' keystone.tenant_update name=admin enabled=True
salt '*' keystone.tenant_update c965f79c4f864eaaa9c3b41904e67082 name=admin email=admin@domain.com
'''
kstone = auth()
kstone = auth(profile)
if not tenant_id:
for tenant in kstone.tenants.list():
if tenant.name == name:
@ -529,7 +568,7 @@ def tenant_update(tenant_id=None, name=None, email=None, enabled=None):
kstone.tenants.update(tenant_id, name, email, enabled)
def token_get():
def token_get(profile=None):
'''
Return the configured tokens (keystone token-get)
@ -539,7 +578,7 @@ def token_get():
salt '*' keystone.token_get c965f79c4f864eaaa9c3b41904e67082
'''
kstone = auth()
kstone = auth(profile)
token = kstone.service_catalog.get_token()
return {'id': token['id'],
'expires': token['expires'],
@ -547,7 +586,7 @@ def token_get():
'tenant_id': token['tenant_id']}
def user_list():
def user_list(profile=None):
'''
Return a list of available users (keystone user-list)
@ -557,7 +596,7 @@ def user_list():
salt '*' keystone.user_list
'''
kstone = auth()
kstone = auth(profile)
ret = {}
for user in kstone.users.list():
ret[user.name] = {'id': user.id,
@ -568,7 +607,7 @@ def user_list():
return ret
def user_get(user_id=None, name=None):
def user_get(user_id=None, name=None, profile=None):
'''
Return a specific users (keystone user-get)
@ -580,7 +619,7 @@ def user_get(user_id=None, name=None):
salt '*' keystone.user_get user_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_get name=nova
'''
kstone = auth()
kstone = auth(profile)
ret = {}
if name:
for user in kstone.users.list():
@ -598,7 +637,8 @@ def user_get(user_id=None, name=None):
return ret
def user_create(name, password, email, tenant_id=None, enabled=True):
def user_create(name, password, email, tenant_id=None,
enabled=True, profile=None):
'''
Create a user (keystone user-create)
@ -608,7 +648,7 @@ def user_create(name, password, email, tenant_id=None, enabled=True):
salt '*' keystone.user_create name=jack password=zero email=jack@halloweentown.org tenant_id=a28a7b5a999a455f84b1f5210264375e enabled=True
'''
kstone = auth()
kstone = auth(profile)
item = kstone.users.create(name=name,
password=password,
email=email,
@ -617,7 +657,7 @@ def user_create(name, password, email, tenant_id=None, enabled=True):
return user_get(item.id)
def user_delete(user_id=None, name=None):
def user_delete(user_id=None, name=None, profile=None):
'''
Delete a user (keystone user-delete)
@ -629,7 +669,7 @@ def user_delete(user_id=None, name=None):
salt '*' keystone.user_delete user_id=c965f79c4f864eaaa9c3b41904e67082
salt '*' keystone.user_delete name=nova
'''
kstone = auth()
kstone = auth(profile)
if name:
for user in kstone.users.list():
if user.name == name:
@ -648,7 +688,8 @@ def user_update(user_id=None,
name=None,
email=None,
enabled=None,
tenant=None):
tenant=None,
profile=None):
'''
Update a user's information (keystone user-update)
The following fields may be updated: name, email, enabled, tenant.
@ -661,7 +702,7 @@ def user_update(user_id=None,
salt '*' keystone.user_update user_id=c965f79c4f864eaaa9c3b41904e67082 name=newname
salt '*' keystone.user_update c965f79c4f864eaaa9c3b41904e67082 name=newname email=newemail@domain.com
'''
kstone = auth()
kstone = auth(profile)
if not user_id:
for user in kstone.users.list():
if user.name == name:
@ -690,7 +731,8 @@ def user_update(user_id=None,
def user_verify_password(user_id=None,
name=None,
password=None):
password=None,
profile=None):
'''
Verify a user's password
@ -701,7 +743,7 @@ def user_verify_password(user_id=None,
salt '*' keystone.user_verify_password name=test password=foobar
salt '*' keystone.user_verify_password user_id=c965f79c4f864eaaa9c3b41904e67082 password=foobar
'''
kstone = auth()
kstone = auth(profile)
auth_url = __salt__['config.option']('keystone.endpoint',
'http://127.0.0.1:35357/v2.0')
if user_id:
@ -723,7 +765,8 @@ def user_verify_password(user_id=None,
def user_password_update(user_id=None,
name=None,
password=None):
password=None,
profile=None):
'''
Update a user's password (keystone user-password-update)
@ -735,7 +778,7 @@ def user_password_update(user_id=None,
salt '*' keystone.user_delete user_id=c965f79c4f864eaaa9c3b41904e67082 password=12345
salt '*' keystone.user_delete name=nova password=12345
'''
kstone = auth()
kstone = auth(profile)
if name:
for user in kstone.users.list():
if user.name == name:
@ -752,7 +795,8 @@ def user_password_update(user_id=None,
def user_role_add(user_id=None, user=None,
tenant_id=None, tenant=None,
role_id=None, role=None):
role_id=None, role=None,
profile=None):
'''
Add role for user in tenant (keystone user-role-add)
@ -766,7 +810,7 @@ def user_role_add(user_id=None, user=None,
role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_add user=admin tenant=admin role=admin
'''
kstone = auth()
kstone = auth(profile)
if user:
user_id = user_get(name=user)[user]['id']
else:
@ -795,7 +839,8 @@ def user_role_add(user_id=None, user=None,
def user_role_remove(user_id=None, user=None,
tenant_id=None, tenant=None,
role_id=None, role=None):
role_id=None, role=None,
profile=None):
'''
Remove role for user in tenant (keystone user-role-remove)
@ -809,7 +854,7 @@ def user_role_remove(user_id=None, user=None,
role_id=ce377245c4ec9b70e1c639c89e8cead4
salt '*' keystone.user_role_remove user=admin tenant=admin role=admin
'''
kstone = auth()
kstone = auth(profile)
if user:
user_id = user_get(name=user)[user]['id']
else:
@ -839,7 +884,8 @@ def user_role_remove(user_id=None, user=None,
def user_role_list(user_id=None,
tenant_id=None,
user_name=None,
tenant_name=None):
tenant_name=None,
profile=None):
'''
Return a list of available user_roles (keystone user-roles-list)
@ -852,7 +898,7 @@ def user_role_list(user_id=None,
tenant_id=7167a092ece84bae8cead4bf9d15bb3b
salt '*' keystone.user_role_list user_name=admin tenant_name=admin
'''
kstone = auth()
kstone = auth(profile)
ret = {}
if user_name:
for user in kstone.users.list():
@ -874,7 +920,7 @@ def user_role_list(user_id=None,
return ret
def _item_list():
def _item_list(profile=None):
'''
Template for writing list functions
Return a list of available items (keystone items-list)
@ -885,7 +931,7 @@ def _item_list():
salt '*' keystone.item_list
'''
kstone = auth()
kstone = auth(profile)
ret = []
for item in kstone.items.list():
ret.append(item.__dict__)
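Review bot: The new `profile` argument is not forwarded to the sibling lookups these functions make, so with `profile=openstack2` names and ids are still resolved against the default account while the change itself goes through the profiled client. The unchanged context lines show it: `user_get(name=name)[name]['id']` in `ec2_credentials_create` and `ec2_credentials_delete`, `user_get(name=user)[user]['id']` in `user_role_add` and `user_role_remove`, `service_get(name=name)[name]['id']` in `service_delete`, `role_get(name=name)` in `role_create`, and the `service_get(service.id)`, `tenant_get(new.id)` and `user_get(item.id)` returns of the create functions. Each should pass it on, e.g. `user_id = user_get(name=name, profile=profile)[name]['id']`, and `user_verify_password` should take its endpoint from the profile instead of the unprefixed `__salt__['config.option']('keystone.endpoint', ...)`. In `auth()`, a misspelled profile name falls back silently to the hard-coded `'admin'`/`'ADMIN'` defaults and the localhost URL; failing when a named profile is absent from the configuration would be safer. The function bodies continue outside the hunks, so calls not visible here may need the same change.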